We may share your
personal information …
No,
businesses do not simply handle your
information in the manner prescribed through their verbose privacy policies. And
people are the bane of privacy
rights.
Nothing
about our privacy is simple, and company policies are anything but user
friendly. Intended to explain the companies’ responsibility of use and
ultimately relieve them of misuse, privacy policies are akin to the danger of a
wolf in sheep’s clothing – and we are Little Red Riding Hood.
Particularly mystifying
is the extended use of your data by third parties …
who are these mysterious “users” of your life’s DNA? The initial company to
which you provide information is merely the tip of the iceberg endangering your
data.
Your
information passes through many hands (and computers) for every item you buy,
doctor you visit, repair service performed, and subscriptions to everything
from magazines to social networking sites.
We
often only hear about data breaches when a public company is “hacked.”
So is hacking responsible for most of it? Not even.
What
is ignored regarding privacy statements, is companies are not robots. They are
comprised of people (at least most,
for another few years) – individuals with human foibles
and various, sometimes nefarious, motives towards others, while handling
sensitive data.
A
June 2013 Techs Trick World article by Atish Ranjan, made the connection. “Many companies
spend a lot of money trying to protect data from hackers. However, they
sometimes ignore the threat of data breaches posed by their own employees.”
Consider
that EVERY institution that collects personal information employs people who
often may not have any sort of character blemish, at hiring. However, bills
pile up, an illness ensues, or any number of life scenarios could cause a
normally honest and upright employee to become careless, or even barter private
data for dollars.
Companies
are people … people are unpredictable … and your personal information is at an
all-time, wildfire-hot high risk.
One
company to which I subscribe for a service included this privacy policy disclaimer
(in part): We may share your information
with third parties … These providers are required to keep [our] member
information confidential, and to use the information only
to offer the contracted products or services to [our] members. (Red
font color is mine, for emphasis.)
Do
the providers swear on a stack of Bibles to do so? Do their employees? “Goldman Sachs Group Inc warned
customers of a data breach that occurred [sic] when an outside contractor
emailed confidential client data to a stranger's Gmail account by mistake.” (Privacy Rights)
More
of the disclaimer: We may share your
information with companies we hire to provide certain administrative services
such as processing address labels, managing databases and sending mailings.
Notice the plural “third
parties,” above. How many? One? Three? Ten? Likely dozens, if not hundreds –
for each company in which your information is held – and how many employees do they contain? Try to multiply the
possibilities of where your information is going and it will boggle the average
brain.
“Advisen data show that reports of
third-party data breaches skyrocketed to a seven-year high in 2013, after
rising steadily since 2005. Slight drops in case count were observed in
2009 and 2012, but the number of reported vendor breaches as tracked by Advisen
remains well above the level of just a decade ago.” (“Third-party vendor data-breach cases skyrocket”; Erin Ayers for Cyber Risk Network, May 28, 2014; the bolding is mine.)
Granted,
nearly every business we deal with utilizes third party companies to handle billing
and mailings. It’s our misfortune that in today’s society those tasks
are no longer in-house activities, which would limit our data exposure.
Third
party alliances are the norm. But what of their policies – and the people who
administer them (or not)? How can we possibly monitor them? We don’t even know
who they are.
Adding
insult to injury we must contact the initial
company(ies) to STOP the insanity of spreading our data around like a viral
disease. Do you have time for that? I don’t. And according to the example company
above, it could take them up to four months to make it happen.
I
wish I could offer a magic action or tip that would help you protect your
privacy – but we are too far into this vortex of life formed by the Internet. There
is no going back. And everyone is vulnerable.
If
only to provide a sense of control (however thin), I would like to see a law
passed that requires we be given the opportunity to opt out of data sharing before it’s done – rather than the
current after-the-fact practice – and that opting in NOT be a requirement to do
business with a company.
Maybe
then I could pretend the big bad wolf didn’t get all my muffins …
Cheers!
